Organizations want to keep the business operating during an extended or catastrophic technology outage, providing continuity of service and allowing staff to carry out their day-to-day responsibilities. VMware Horizon 7 Enterprise Edition Multi-Site Reference Architecture provides best practices and architectural blueprints for building a deployment that addresses these issues.
This reference architecture describes a typical configuration and requirements for a two-data-center strategy, which can easily be adapted and scaled to larger environments. All Horizon 7 Enterprise Edition components are included in this solution to deliver business continuity and mitigate against component failure:
- Virtual desktops and published applications (RDSH)
- Applications delivered through VMware App Volumes AppStacks and writable volumes
- Profile data with VMware User Environment Manager
- Secure external access by using VMware Access Point
- Single sign-on workspace with VMware Identity Manager
Design begins by defining business requirements and drivers, which can be mapped to basic use cases and adapted to most scenarios. For a detailed description of this process, also see the VMware Horizon 7 Enterprise Edition Reference Architecture.
Figure 1: Example Service Blueprint for a Horizon 7 Enterprise Multi-Site Reference Architecture
To keep the business running with the shortest possible time to recovery and with the minimum amount of disruption, architecture designs in this paper have specific targets for the Recovery Time Objective (RTO) and the Recovery Point Objective (RPO). RTO is the time it takes to recover a given service. RPO is the maximum period during which data might be lost. Low targets are defined as 30–60 second estimates. Medium targets are estimated at 45–60 minutes.
For low RTO and RPO targets, recovery services are designed to operate in active/active mode, in which service is available from multiple data centers without manual intervention. For medium RTO and RPO targets, recovery services are designed to operate in active/passive mode, which means the loss of an active Horizon pod or data center instance requires that the secondary site be enabled to accommodate impacted users, and their data and applications.
Note: A Horizon pod contains one block of management servers and one or more resource blocks for hosting virtual desktop or RDS hosts. Each pod supports up to 10,000 users or sessions.
The recovery services and availability are from a user’s perspective.
- With an active/active service, the loss of a Horizon pod or data center instance does not impact service availability to the user because the remaining instances continue to operate independently. Active/active architecture uses one or more Horizon pods located in each data center. The pods are joined using Cloud Pod Architecture configured with global entitlements that allow named users to access either site at any given point in time.
- With an active/passive service, services are run from both data centers, but in the event of an outage, manual steps are required to enable an available data center to accommodate users impacted by the data center that had the outage. The example in this paper uses Pure Storage arrays to provide data replication. This type of active/passive architecture is the same architecture as active/active, but global entitlements are configured to align a named user to only one site at a time.
- Another strategy for an active/passive service uses an architecture that relies on VMware vSAN Stretched Cluster technology. This architecture is truly active/passive in that the services are run only from a single data center. In the event of an outage, the entire Horizon 7 Enterprise Edition management and desktop infrastructure is migrated to the passive site. VMware vSAN Stretched Cluster technology relies on certain networking requirements that might not suit customers with geographically dispersed data centers.
VMware Horizon 7 Enterprise Edition Multi-Site Reference Architecture shows how to build a resilient environment that is capable of delivering disaster recovery of Horizon 7 workloads. Appendixes include information such as detailed test plans for each use case and tables listing recommended settings for vSAN, VMware vSphere, distributed switches, and storage.